CVE-2023-20273

Vulnerability updated 22 days ago (2024-11-29T14:45:43.340Z)
CVE-2023-20273 is a high-severity zero-day vulnerability disclosed by Cisco on October 21, 2023. It is a flaw in software design or implementation that was actively exploited to deploy malicious implants on IOS XE devices. Its exploitation was discovered during the investigation of another zero-day, CVE-2023-20198, which had been revealed earlier in the same week. This second vulnerability allows the attacker to elevate their privileges to root and write an implant to the file system. Rather than exploiting the first zero-day directly, attackers leveraged this second zero-day, located in another component of the WebUI feature, to run the malicious implant. In summary, attackers exploited two zero-day vulnerabilities (CVE-2023-20273 and CVE-2023-20198) to compromise IOS XE devices, escalating privileges and writing a malicious implant to the file system. Because these vulnerabilities are being actively exploited, organizations should apply patches as soon as they become available to mitigate the risk of further attacks.
Description last updated: 2024-03-17T13:23:27.572Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Cisco
Exploit
Ios
CISA
Zero Day
Implant
Associated Vulnerabilities
Alias Description | Association Type | Votes
The CVE-2023-20198 Vulnerability is associated with CVE-2023-20273. CVE-2023-20198 is a significant software vulnerability discovered in the Web User Interface (Web UI) feature of Cisco IOS XE software. This flaw, identified by Cisco, has been actively exploited when exposed to the internet or untrusted networks. The exploitation of this zero-day vulnerability has l | is related to | 2
Source Document References
Information about the CVE-2023-20273 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source | CreatedAt
CISA | a month ago
Securityaffairs | 4 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 5 months ago
Securityaffairs | 6 months ago
Securityaffairs | 6 months ago
Securityaffairs | 6 months ago
Securityaffairs | 7 months ago
Securityaffairs | 8 months ago
Securityaffairs | 8 months ago
Securityaffairs | 8 months ago
Securityaffairs | 8 months ago
Securityaffairs | 9 months ago
Securityaffairs | 9 months ago
Securityaffairs | 9 months ago
Securityaffairs | 9 months ago
Securityaffairs | 10 months ago